Hacking, AppSec, and Bug Bounty newsletter
2019-04-30 | Millionaires and merit scholars, Bug bounty tips, and CI Knew there would be bugs here
Tuesday, April 30
Millions of IoT devices vulnerable to eavesdropping, credential theft, remote compromises, reports Krebs. The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology.
TWEET OF THE DAY
Here’s how secure your location data is: Using a burner gmail address and zero verifying info, we got it. No federal law restricts the trade. This isn’t about privacy. It’s about security. - @tonydokoupil
OTHER ARTICLES WE’RE READING
Cyber Coalition paper on VDP, emphasis on US. “CVD should be a standard component of public & private sector security programs, but not a replacement for other defenses.” Rapid7 policy director has some notes in a Twitter thread.
I C what you did there… “CI Knew There Would Be Bugs Here” Exploring Continuous Integration Services as a Bug Bounty Hunter by @Rhynorater, @hacker_, and @EdOverflow. Related: Streaak published Keyhacks tool on GH.
Millionaires and merit scholars: The Hustle covers @try_to_hack, @cablej, CyFi, and more
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
CVSS has very little context about the boutique risks of our environment and can’t reach that far into communicating them.